False Positive: Overview

Summary: High-level overview of the false positive workflow.

While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies a vulnerability that is confirmed to not be present upon manual investigation, the Ivanti Neurons platform provides an option to mark that finding as a false positive (FP).

Once a vulnerability/scanner finding is marked as a false positive, that finding will remain as a false positive unless a user manually removes it from that state or the false positive status expires. Users do not have to account for or address those findings marked as false positive each time they are erroneously identified by a scanner.

Findings marked as false positives are removed from the Ivanti RS³ calculations entirely, providing neither negative nor positive impact.

In Ivanti Neurons, you can track the status of a workflow based on its state.

  • FP Requested: Requested false positive workflows await review and approval.
  • FP Approved: False positive workflows deemed to provide sufficient justification move into the Approved state. An approved workflow closes associated findings until it expires.
  • FP Reworked: A manager can rework a workflow if the requester needs to address issues such as missing documentation or an overly broad scope.
  • FP Expired: A workflow automatically moves into the Expired state on the designated expiration date. The workflow no longer has an impact on associated findings. Findings may reopen.
  • FP Rejected: The organization can reject a workflow that it considers invalid. This operation has a similar system impact to expiration on associated findings.